Logical Methods in Computer Science 
Vol. 11(3:3)2015, pp. 1-37 
www.lmcs-online.org 


Submitted Feb. 27, 2014 
Published Aug. 13, 2015 


SERVICE-ORIENTED LOGIC PROGRAMMING* * 

lONUT TUTU“ AND JOSE LUIZ FIADEIRO'’ 

“ Department of Computer Science, Royal Holloway University of London 
Institute of Mathematics of the Romanian Academy, Research group of the project ID-3-0439 
e-mail address: ittutu@gmail.com 

^ Department of Computer Science, Royal Holloway University of London 
e-mail address: jose.fiadeiro@rhul.ac.uk 


Abstract. We develop formal foundations for notions and mechanisms needed to support 
service-oriented computing. Our work builds on recent theoretical advancements in the 
algebraic structures that capture the way services are orchestrated and in the processes 
that formalize the discovery and binding of services to given client applications by means 
of logical representations of required and provided services. We show how the denota- 
tional and the operational semantics specific to conventional logic programming can be 
generalized using the theory of institutions to address both static and dynamic aspects of 
service-oriented computing. Our results rely upon a strong analogy between the discovery 
of a service that can be bound to an application and the search for a clause that can be 
used for computing an answer to a query; they explore the manner in which requests for 
external services can be described as service queries, and explain how the computation of 
their answers can be performed through service-oriented derivatives of unification and res¬ 
olution, which characterize the binding of services and the reconhguration of applications. 


1. Introduction 

Service-Oriented Computing. Service-oriented computing is a modern computational 
paradigm that deals with the execution of programs over distributed information-processing 
infrastructures in which software applications can discover and bind dynamically, at run 
time, to services offered by providers. Whereas the paradigm has been effectively in use for 
a more than a decade in the form of Web services [ACKM(l4] or Grid computing [EKOdj . 
research into its formal foundations has lagged somewhat behind, partly because of our lack 
of understanding of (or agreement on) what is really new about the paradigm, especially in 
relation to distributed computing in general (see, for example, |Vog03| ). 

2012 ACM CCS: [Theory of computation): Logic — Constraint and logic programming; Semantics 
and reasoning — Program reasoning — Program specifications; [Information systems]: World Wide Web 
— Web services — Service discovery and interfaces. 

Key words and phrases: Logic programming, Institution theory. Service-oriented computing, Orchestra¬ 
tion schemes, Service discovery and binding. 

* A preliminary version of this work was presented at CALCO 2013 |TF13|. 
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It is fair to say that significant advances have been made towards formalizing new 
forms of distributed computation that have arisen around the notion of service (e.g. chore¬ 
ography |SBFZ07] i. notably through several variants of the vr-calculus. However, service- 
oriented computing raises more profound challenges at the level of the structure of systems 
due to their ability to discover and bind dynamically, in a non-programmed manner, to 
other systems. The structure of the systems that we are now creating in the virtual space 
of computational networks is intrinsically dynamic, a phenomenon hitherto unknown. For¬ 
malisms such as the 7r-calculus do not address these structural properties of systems. This 
prevents us from fully controlling and developing trust in the systems that are now operat¬ 
ing in cyberspace, and also from exploiting the power of the paradigm beyond the way it is 
currently deployed. 

Towards that end, we have investigated algebraic structures that account for modu¬ 
larity (e.g. |FLB07l IFS07| i - referring to the way services are orchestrated as composite 
structures of components and how binding is performed through interaction protocols - 
and the mechanisms through which discovery can be formalized in terms of logical specifica¬ 
tions of required/provided services and constraint optimisation for service-level agreements 
(e.g. |FLB11( [FL13b] i. In the present paper, we take further this research to address the 
operational aspects behind dynamic discovery and binding, i.e. the mechanisms through 
which applications discover and bind, at run time, to services. Our aim is to develop an 
abstract, foundational setting - independent of the specific technologies that are currently 
deployed, such as SOAP for message-exchange protocols and UDDi for description, discovery, 
and integration - that combines both the denotational and the operational semantics of 
services. The challenge here is to define an integrated algebraic framework that accounts 
for (a) logical specifications of services, {h) the way models of those specifications capture 
orchestrations of components that may depend on externally provided services to be discov¬ 
ered, and (c) the way the discovery of services and the binding of their orchestrations to 
client applications can be expressed in logical/algebraic terms. 

Logic Programming. The approach that we propose to develop to meet this challenge 
builds on the relational variant of (Horn-clause) logic programming - the paradigm that 
epitomizes the integration of declarative and operational aspects of logic. In conventional 
logic programming, clauses have a declarative semantics as universally quantified implica¬ 
tions that express relationships over a domain (the Herbrand universe), and an operational 
semantics that derives from resolution and term unification: definite clauses (provided by 
a given logic program) are used to resolve logic-programming queries (expressed as exis¬ 
tentially quantified conjunctions) by generating new queries and, through term unification, 
computing partial answers as substitutions for the variables of the original query. 

In a nutshell, the analogy between service-oriented computing and conventional logic 
programming that we propose to systematically examine in this paper unfolds as follows: 

• The Herbrand universe consists of those service orchestrations that have no dependencies 
on external services - what we refer to as ground orchestrations. 

• Variables and terms correspond to dependencies on external services that need to be 
discovered and to the actual services that are made available by orchestrations. 

• Service clauses express conditional properties of services required or provided by orchestra¬ 
tions, thus capturing the notion of service module described in [FLBIl] . Their declarative 
semantics is that, when bound to the orchestrations of other service clauses that ensure 
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the required properties, they deliver, through their orchestration, services that satisfy the 
specified properties. 

• Service queries express properties of orchestrations of services that an application requires 
in order to fulfil its goal - what we describe in |FLB11| as activity modules. 

• Logic programs define service repositories as collections of service modules. 

• Resolution and term unification account for service discovery by matching required prop¬ 
erties with provided ones and the binding of required with provided services. 


The structure of the paper. Our research into the logic-programming semantics of 
service-oriented computing is organized in two parts. In Section [2] we present a new cate¬ 
gorical model of service orchestrations, called orchestration scheme, that enables us to treat 
orchestrations as fully abstract entities required to satisfy only a few elementary properties. 
This framework is flexible enough to accommodate, for example, orchestrations in the form 
of program expressions, as considered in (Fla n], or as asynchronous relational networks 
similar to those defined in [FL13a] . In our study, such schemes play an essential role in 
managing the inherent complexity of orchestrations whilst making available, at the same 
time, the fundamental building blocks of service-oriented logic programming. In Section [3l 
we define a logical system of orchestration schemes over which we can express properties that 
can be further used to guide the interconnection of orchestrations. We recall from TF15 


the algebraic structures that underlie institution-independent logic programming, in partic¬ 
ular the substitution systems that are characteristic of relational logic programming, and 
prove that the resulting logic of orchestration schemes constitutes a generalized substitution 
system. This result is central to our work, not only because it provides the declarative se¬ 
mantics of our approach to service-oriented computing, but also because it gives a definite 
mathematical foundation to the analogy between service-oriented computing and conven¬ 
tional logic programming outlined above. Building on these results, we show how clauses, 
queries, unification and resolution can be defined over the generalized substitution system 
of orchestration schemes, providing in this way the corresponding operational semantics of 
service-oriented computing. 


The work presented herein continues our investigation on logic-independent foundations 
of logic programming reported in |TF15| . As such, it is based on the theory of institutions of 
Goguen and Burstall [GB92] : although familiarity with the institution-independent presen¬ 
tation of logic programming is not essential, some knowledge of basic notions of institution 
theory such as institution, (co)morphism of institutions, and also of the description of in¬ 
stitutions as functors into the category of rooms [Dia OH ISTll] is presumed. 


2. Orchestration Schemes 

The first step in the development of the particular variant of logic programming that we 
consider in this paper consists in determining appropriate categorical abstractions of the 
structures that support service-oriented computing. These will ultimately allow us to de¬ 
scribe the process of service discovery and binding in a way that is independent of any 
particular formalism (such as various forms of automata, transition systems or process 
algebras). 

Our approach is grounded on two observations: first, that orchestrations can be orga¬ 
nized as a category whose arrows, or more precisely, cospans of arrows, can be used to model 
the composition of service components (as defined, for example, in [FLB07(IFLBlHIFL13b] ): 
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second, that the discovery of a service to be bound to a given client application can be for¬ 
malized in terms of logical specifications of required and provided properties, ensuring that 
the specification of the properties offered by the service provider refines the specification 
of the properties requested by the client application. To this end, we explore the model- 
theoretic notion of refinement advanced in |ST88] . except that, in the present setting, the 
structures over which specifications are evaluated are morphisms into ground orchestrations, 
i.e. into orchestrations that have no dependencies on external services. The motivation for 
this choice is that, in general, the semantics of non-ground orchestrations is open: the (ob¬ 
servable) behaviour exhibited by non-ground orchestrations varies according to the external 
services that they may procure at run time. With these remarks in mind, we arrive at the 
following concept of orchestration scheme. 

Definition 2.1 (Orchestration scheme). An orchestration scheme is a quadruple (Ore, Spec, 
Grc, Prop) consisting of 

• a category Ore of orchestrations and orchestration morphisms, 

• a functor Spec: Ore —)• Set that dehnes a set Spec(o) of service specifications over o for 
every orchestration o, 

• a full subcategory Grc C Ore of ground orchestrations, and 

• a functor Prop: Grc —)• Set that defines a natural subset Prop(g) C Spec(g)0of properties 
of g (specifications that are guaranteed to hold when evaluated over g) for every ground 
orchestration g. 

To illustrate our categorical approach to orchestrations, we consider two main running 
examples: program expressions as discussed in |Fia m (see also |Mor94] l. which provide 
a way of constructing structured (sequential) programs through design-time discovery and 
binding, and the theory of asynchronous relational networks put forward in |FL13a] . which 
emphasizes the role of services as an interface mechanism for software components that can 
be composed through run-time discovery and binding. 

2.1. Program Expressions. The view that program expressions can be seen as dehning 
‘service orchestrations’ through which structured programs can be built in a compositional 
way originates from [Fla I2]. Intuitively, we can see the rules of the Hoare calculus [Hoa69] as 
defining ‘clauses’ in the sense of logic programming, where uniheation is controlled through 
the rehnement of pre/post-conditions as speciheations of provided/required services, and 
resolution binds program statements (terms) to variables in program expressions. In Figured] 
we depict Hoare rules in a notation that is closer to that of service modules, which also brings 
out their clausal form: the specification (a pair of a pre- and a post-condition) on the left- 
hand side corresponds to the consequent of the clause (which relates to a ‘provides-point’ of 
the service), while those on the right-hand side correspond to the antecedent of the clause (i.e. 
to the ‘requires-points’ of the service) - the specifications of what remains to be discovered 
and bound to the program expression (the ‘service orchestration’ inside the box) to produce 
a program. In Figure [21 we retrace Hoare’s original example of constructing a program that 
computes the quotient and the remainder resulting from the division of two natural numbers 
as an instance of the unification and resolution mechanisms particular to logic programming. 
We will further discuss these mechanisms in more detail in Subsection 13.31 

^By describing the set Propfg) as a natural subset of Speefg) we mean that the family of inclusions 
(Propfg) C Spec( 0 ))^gnjj.^| defines a natural transformation from Prop to (Grc C Ore) ;Spec. 
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Figure 1: Program modules 


The formal description of program expressions that we consider here follows the pre¬ 
sentation given in [GM96j of the algebraic semantics of programs except that, instead of 
the theory of many-sorted algebra, we rely on the theory of preordered algebra developed 
in [DF98| . whose institution we denote by POA . In this context, signatures are ordinary 
algebraic signatures whose denotation is defined over the category of preorders rather than 
that of sets, with models interpreting the sorts as preordered sets and the operation symbols 
as monotonic functions. The sentences are built as in first-order logic based on two kinds 
of atoms: equational atoms I = r and preorder atoms I —r, where I and r are terms of the 
same sort; the latter are satished by a preordered algebra A if and only if the interpretations 
of I and r in A belong to the preorder relation of the carrier of their sort. 

In order to fully define the orchestration scheme of program expressions we assume that 
the programming language we have chosen to analyse is specihed through a many-sorted 
signature {S, F) equipped with 

• a distinguished set of sorts S'p®™ C S corresponding to the types of executable expressions 
supported by the language, and sorts State, Config € S'\S'p®™ capturing the states of the 
programs and the various conhgurations that may arise upon their execution, respectively; 

• operation symbols (_): State —)• Config and (_, _): eXp State —>■ Config for sorts eXp € 
5 'pgm, which we regard as constructor operators for the sort Config] 

• a (sortwise inhnite) SP^^-indexed set Var of program variables, and state variables 
st, st': State, used to refer to the states that precede or result from executions; and 

• a preordered {S, T)-algebra A that describes the semantics of the programming language 
through the preorder relation associated with the sort Config^ 

Example 2.2. The premises that we consider within this subsection are weak enough to 
allow the proposed algebraic framework to accommodate a wide variety of programming 

^Alternatively, one could use a theory presentation or a structured specification instead of the algebra A. 
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SPi: true, lx = q * y + r} A {r < yj SPg : {x = q * y + x},lx = q * y + rj 

SP 2 ■■ true, lx = q*y + rj Air < yj SPiq : {x = q * y + rj,lx = q * y + rj A -'ly < rj 

SP 3 : true, lx = q * y + rj SPn ■ {x = q * y + rj A {y < rj, lx = q * y + rj 

SPi: lx = q * y + rj,lx = q * y + rj A Ir < yj SPu'- {x = {q + 1) * y + {r - y)]], lx = q*y + rj 

SP 5 : true, lx = q * y + rj SP 13 : lx = {q + 1 ) * y + {r - y)j,lx = q * y + {r - y)j 

SPq: true, lx = q * y + xj SPu: lx = q * y + {r - y)], lx = q * y + rj 

SP 7 : lx = q * y + xj,lx = q * y + rj SP 15 : lx = {q + 1) * y + {r - y)j,lx = q * y + {r - y)j 

SPg: lx = 0 * y + xj,lx = q * y + xj SPie: lx = q * y + {r - y)j,lx = q * y + rj 
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languages. For instance, the program expressions underlying the modules depicted in Fig¬ 
ure [T] are simply terms of sort Pgm that can be formed based on the following five operation 
symbols Iwritten using; the mixfix notation of CafeOBJ [DF98] and Case [Mos nU): 

(empty statement) 

(assignment) 

(sequence) 

(selection) if _then_else _endif: CondPgmPgm —Pgm, 

(iteration) 


skip: —> Pgm, 

_ IdAExp ^ Pgm, 

Pgm Pgm Pgm, 

if _then _ else _endif: CondPgmPgm 
while _do _ done: CondPgm —> Pgm. 


To simplify our presentation, we omit the details associated with the sorts Id of iden¬ 
tifiers, AExp of arithmetic expressions and Cond of conditions; we also tacitly assume that 
the signature under consideration declares the usual operation symbols associated with the 
names of identifiers, the addition, subtraction and multiplication of arithmetic expressions, 
and with the atoms and Boolean connectives specific to conditions. Moreover, we assume 
the essential sorts State and Conf ig to be defined, as well as the operation symbols (_) and 
(-,-)• 


Algebraic signatures having the aforementioned additional structure induce orchestra¬ 
tion schemes in a canonical way, as follows. 

Orchestrations. The orchestrations are program expressions, that is {S, F U For)-terms 
pgm: eXp, usually denoted simply by pgm if there is no danger of confusion, such that 
eXp is a sort in The arrows through which they are linked generalize the subterm 

relations; in this sense, a morphism (i/^, tt) between programs pgmi: eXpi and pgm 2 : eXp 2 
consists of 

• a substitution 'tp: Yaic{pgmi) vai{pgm 2 ), mapping the variables that occur in pgmi to 
program expressions defined over the variables of pgm 2 , together with 

• a position tt in pgm 2 , i.e. a sequence of natural numbers that precisely identifies a partic¬ 
ular occurrence of a subterm pgm 2 ( 7 ^ of pg'm 2 , 

such that 'ilj^’^{pgmi) = Their composition is defined componentwise, in a way 

that ensures the commutativity of the following diagram. 

„ (bl,7ri) (b2,7r2> 

pgm^: eXp^ -^ pgm2 : eXp2 -^ pgm^: eXp^ 


{■(/’15b2,'n'2-7ri) 

Specifications. For each program expression pgm: eXp, a (program) specification is a 
triple of the form l: [p, p'], where i is a position in pgm indicating the ‘subprogram’ of pgm 
whose behaviour is being analysed!! and p and p' are pre- and post-conditions associated with 
pgm\^, formalized as (quantifier-free) POA -sentences over the signature {S, F Li {st: State}). 
The intuitive interpretation is the usual one: 

Whenever the program pgm\i^ is executed in an initial state that satisfies 
the pre-condition p, and the execution terminates, the resulting final state 
satisfies the post-condition p'. 

^Here, we let '0*™ denote the canonical extension of the substitution ip from variables to terms. 

^The first component of specifications may be encountered in the literature (e.g. in |Mor94| i with a 
different meaning: the set of identifiers whose values may change during the execution of the program. 
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Note, however, that specifications cannot be evaluated over arbitrary program expressions 
because, due to the presence of program variables (from Var), some of the programs may 
not support a well-defined notion of execution. We will address this aspect in Section [3] 
by taking into account translations of specifications along morphisms whose codomains 
are ground program expressions. For now, it suffices to mention that the translation of a 
program specification l: [p, p'] of pgrrii: eXpi along a morphism (V’jTt): {pgrrii'. eXp]) —)■ 
{pgm2 : eXp2) is defined as the specification (vr • i): V'(/o 0 ] of ■ ^^P2- 

Ground orchestrations and properties. As expected, ground program expressions are 
just program expressions that do not contain variables: {S, F’)-terms pgm: eXp whose sort 
eXp belongs to S'p®™. Consequently, they have a well-defined operational semantics, which 
means that we can check whether or not they meet the requirements of a given specification. 

A specification t: [p, p'] is a property of a ground program expression pgm: eXp if and 
only if the following satisfaction condition holds for the preordered algebra A: 

A V{st, st': State} • {p{st) A {pgm f^, st) — {st')) ^ p'{st'). 

To keep the notation simple and, at the same time, emphasize the roles of st and st', we 
used p{st) in the above POA -sentence as another name for p, while p'{st') is the sentence 
derived from p' by replacing the variable st with The same notational convention is 
used in Figure [1] to represent the specification attached to the assignment expression. In 
that case, p is assumed to be a sentence defined not only over st: State, but also over a 
variable v : AExp; the sentences p(e) and p{x) are then derived from p by replacing v with e 
and X (regarded as an atomic arithmetic expression), respectively. Another notation used in 
Figured] (and also in Figure[2|) is [[C]], where C is a term of sort Cond; this follows Iverson’s 
convention (see |Ive62| . and also |GKP94j i. and corresponds to an atomic POA- sentence 
that captures the semantics of the condition C. 

We conclude the presentation of orchestrations as program expressions with Proposi¬ 
tion 12.31 below, which guarantees that properties form natural subsets of the sets of specifi¬ 
cations; in other words, the morphisms of ground programs preserve properties. 

Proposition 2 . 3 . Let (V’,vr): {pgm-^ \ eXp^) {pgm2- eXpg) be a morphism of ground 
programs. For every property l: [p,p'] of pgm i'. eXpi, the specification Spec(V', 7 r)(i: [p,p^]) 
is a property of pgm2. eXp2. 

Proof. By the definition of the translation of specifications along morphisms of program 
expressions, Spec(?/),7r)(i: [p,p']) is a property of pgm2'. eXp2 if and only if 

A V{st, st': State} ■ {ip{p){st) A {pgm2\T^.^, st) -A {st')) 'ip{p'){st'). 

I _I I_I I _I 

p{st) p'{st') 

To prove this, notice that all morphisms of ground program expressions share the same 
underlying substitution: the identity of 0. Therefore, 'tp{p) = p, V’(p') = p', and pgm 2 \.^.^ = 
pgm 2 (tt tt = 'ip^'°^{pgmi) = pgmi from which we immediately deduce that both the evalu¬ 

ation of l: [p, p'] in pgm^: eXpi and that of Spec(V’, 't)(/-: [p, p']) in pgm2 : eXp2 correspond 
to the satisfaction by A of the same POA -sentence. D 

^Formally, the sentences p{st) and p'{st') are obtained by translating p and p' along the (S, F)-substitu- 
tions {st} —>■ {st, st'} given by st i—>■ st and st i—>■ st', respectively. 
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2.2. Asynchronous Relational Networks. Asynchronous relational networks as devel¬ 
oped in [FL13a| uphold a significantly different perspective on services: the emphasis is 
put not on the role of services in addressing design-time organisational aspects of complex, 
interconnected systems, but rather on their role in managing the run-time interactions that 
are involved in such systems. In this paper, we consider a variant of the original theory 
of asynchronous relational networks that relies on hypergraphs instead of graphs, and uses 
cj-automat a |Tho9n] (see also |PP04] ) instead of sets of traces as models of behaviour. 

The notions discussed within this context depend upon elements of linear temporal 
logic, and are introduced through dedicated syntactic structures that correspond to specific 
temporal signatures and signature morphisms. However, the proposed theory is largely 
independent of any logical framework of choice - similarly to the way in which program 
expressions can be defined over a variety of algebraic signatures - and can be easily adapted 
to any institution for which 

1. the category of signatures is (finitely) cocomplete; 

2. there exist cofree models along every signature morphism, meaning that the reduct func¬ 
tors determined by signature morphisms admit right adjoints; 

3. the category of models of every signature has (finite) products; 

4. all model homomorphisms reflect the satisfaction of sentences. 

In addition to the above requirements, we implicitly assume, as is often done in insti¬ 
tutions (see, for example, [DiaOS] and [STll] for more details), that the considered logical 
system is closed under isomorphisms, meaning that the satisfaction of sentences is invariant 
with respect to isomorphisms of models. This property holds in most institutions; in partic¬ 
ular, it holds in the variant of temporal logic that we use here as a basis for the construction 
of the orchestration scheme of asynchronous relational networks. 

Linear Temporal Logic. In order to capture a more operational notion of service orches¬ 
tration, we work with an automata-based variant of the institution LTL of linear temporal 
logic |FC96] . This logical system, denoted aLTL . has the same syntax as LTL . which means 
that signatures are arbitrary sets of actions, and that signature morphisms are just func¬ 
tions. With respect to sentences, for any signature A, the set of A-sentences is defined as the 
least set containing the actions in A that is closed under standard Boolean connective^ and 
under the temporal operators next (0_) and until {_IA _). As usual, the derived temporal 
sentences Op and Dp stand for true U p and ^{true U -ip), respectively. 

The semantics of aLTL is defined over (non-deterministic finite-state) Muller automata 
|Mul63] instead of the more conventional temporal models. This means that, in the present 
setting, the models of a signature A are Muller automata A = {Q,V{A),A,I,iF), which 
consist of a (finite) set Q of states, an alphabet V{A), a transition relation A C QxV{A) xQ, 
a subset / C Q of initial states, and a subset T C Viff) of (non-empty) final-state sets. 

The satisfaction relation is based on that of LTL : an automaton A satisfies a sentence p 
if and only if every trace accepted by A satisfies p in the sense of LTL . To be more precise, 
let us first recall that a trace over A is an (infinite) sequence A G V^A)^^, and that a run of 
an automaton A defined as above on a trace A is a state sequence g G Q‘^ such that p(0) G L 
and (p(f), A(i), p(f -|- 1)) G A for every i £ lo. A run g is said to be successful if its infinity 
set, i.e. the set of states that occur infinitely often in g, denoted Inf(p), is a member of iF. 

®For convenience, we assume that disjunctions, denoted V E, and conjunctions, denoted A L, are defined 
over arbitrary finite sets of sentences E, and we abbreviate A{pi,P 2 } as pi A p 2 and A® s-s true. 
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Then a trace A is accepted by A if and only if there exists a successful run of A on A. Finally, 
given a trace A (that can be presumed to be accepted by A) and i € uj, we use the notation 
A(z..) to indicate the suffix of A that starts at A(i). The satisfaction of temporal sentences 
by traces can now be defined by structural induction, as follows; 

A 1= a if and only if a G A(0), 

A 1= -1/9 if and only if A1^ p, 

X\= y E and only if A 1= p for some p (z E, 

A 1= Op if and only if A(l..) 1= p, and 

A 1= pi Z// P 2 if and only if A(i..) 1= p 2 for some Z € w, and A(j..) 1= pi for all j < i, 

where a is an action in A, p, p\ and p 2 are A-sentences, and E is a. set of A-sentences. 

One can easily see that the first of the hypotheses [iHll that form the basis of the 
present study of asynchronous relational networks is satisfied by aLTL . as it corresponds to 
a well-known result about the existence of small colimits in Set. In order to check that the 
remaining three properties hold as well, let us first recall that a homomorphism h: Ai —>■ A 2 
between Muller automata Ai = {Qi,'P{A), Ai,Ii,Ei) and A 2 = {Q 2 ,'P{A), A 2 , 12 , ^ 2 ) (over 
the same alphabet) is a function h: Qi Q 2 such that {h{p), a, h{q)) € A 2 whenever 
(p,a,q) G Ai, h{Ii) C I 2 , and h{Ei) C E 2 . We also note that for any map cr: A —>• A', 
i.e. for any signature morphism, and any Muller automaton A' = {Q','P{A'), A', I', E'), the 
reduct A'(^ is the automaton {Q',V{A), A' \^, I', F') with the same states, initial states and 
final-state sets as A', and with the transition relation given by A'\^ = {{p',a~^{a')^q') \ 
{p\a',q')eA'}. 

The following results enable us to use the institution aLTL as a foundation for the sub¬ 
sequent development of asynchronous relational networks. In particular, Proposition 12.41 
ensures the existence of cofree Muller automata along signature morphisms; Proposition 12.51 
allows us to form products of Muller automata based on a straightforward categorical in¬ 
terpretation of the fact that the sets of traces accepted by Muller automata, i.e. regular 
w-languages, are closed under intersection; and finally. Proposition 12.61 guarantees that all 
model homomorphisms reflect the satisfaction of temporal sentences. 

Proposition 2.4. For every morphism of aLTL - signatures a: A — )■ A', the reduct functor 
Mod^^^(A') —Mod^^^(A) admits a right adjoint, which we denote by (_)‘^. 

Proof. According to a general result about adjoints, it suffices to show that for any automa¬ 
ton A over the alphabet 'P(A) there exists a universal arrow from to A. 

Let us thus consider a Muller automaton A = {Q,V{A), A, I,E) over V{A). We define 
the automaton A'^ = {Q,V{A'),A^,I,E) over the alphabet P(A') by 

A'^ = {{p,a,q) I {p,(T~^{a),q) G A}. 

It is straightforward to verify that the identity map 1q defines a homomorphism of automata 
A'^l'^ —A: for any transition {p,a,q) G A°'|'^, by the dehnition of the reduct functor .(g., 
there exists a set a' C A' such that cr“^(a') = a and {p,a',q) G A®"; given the definition 
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above of A^, it follows that {p,a ^{a'),q) € A, and hence {p,a,q) G A. 



Let us now assume that /i: —)• A is another homomorphism of automata, with 

A' = {Q', V{A'), A', r, T'). Then for any transition (p', a', q') € A', by the definition of the 
functor we have {p',a~^{a'),q') G A'l'^.. Based on the homomorphism property of h, 
it follows that {h{p'),a~^{a'),h{q')) G A, which further implies, by the definition of A'^, 
that {h{p'),a',h{q')) G A'^. As a result, the map h is also a homomorphism of automata 
A' —)■ A®". Even more, it is obviously the unique homomorphism A' —>■ A®" (in the category 
of automata over V{A')) such that 1 q = /i in the category of automata over V{A). Q 

Proposition 2.5. For any set of actions A, the category Mod^^^(A) of Muller automata 
defined over the alphabet 'P{A) admits (finite) products. 

Proof. Let (Aj)^gj be a (finite) family of Muller automata over the alphabet V{A), with Aj 
given by (Qj, P(A), Aj, Ij, T)). We define the automaton A = {Q,'P{A),A,I,F') by 

Q = OiG J Qi^ 

A = {{p,a,q) I {p{i),a,q{i)) G Aj for all i G J}, 

= riiej^G and 

T" = {5 C Q I TTi{S) G Ti for all i G J}, 

where the functions tTj : Q ^ Qi are the corresponding projections of the Cartesian product 
Wi^jQi- By construction, it immediately follows that for every i & J, the map vrj defines 
a homomorphism of automata A —Aj. Even more, one can easily see that for any other 
family of homomorphisms (/ij: A' with A' = {Q',V{A'), A', I', IF'), the unique 

map h: Q' ^ Q such that h^iTi = hi for all i G J defines a homomorphism of automata as 
well. Therefore, the automaton A and the projections (vijjjgj form the product of (Aj)^gj. □ 

Proposition 2.6. Let /i: Ai —>■ A 2 he a homomorphism between automata defined over an 
alphabet V{A). Every temporal sentence over A that is satisfied by A 2 is also satisfied by 

Ai. 

Proof. Suppose that Aj = (Qj, P(A), Aj,/j,Tj), for i G {1,2}. Since the map h: Qi ^ Q 2 
defines a homomorphism of automata, for every successful run g G Qf of Ai on a trace 
A G V{A)^, the composition g^h yields a successful run of A 2 on A. As a result, A 2 accepts 
all the traces accepted by Ai, which further implies that Ai satisfies all temporal sentences 
that are satisfied by A 2 . □ 

Service Components. Eollowing [FL13a| . we regard service components as networks of pro¬ 
cesses that interact asynchronously by exchanging messages through communication chan¬ 
nels. Messages are considered to be atomic units of communication. They can be grouped 
either into sets of messages that correspond to processes or channels, or into specific struc¬ 
tures, called ports, through which processes and channels can be interconnected. 
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The ports can be viewed as sets of messages with attached polarities. As in [BZ83[ 
IBCT06] we distinguish between outgoing or published messages (labelled with a minus 
sign), and incoming or delivered messages (labelled with a plus sign). 

Definition 2.7 (Port). A port M is a pair {M~, M~^) of disjoint (finite) sets of published 
and delivered messages. The set of all messages of M is given by M~ U M"*" and is often 
denoted simply by M. Every port M defines the set of actions Am = Am- U Am+ , where 

• Am- is the set {ml \ m G M~} of publieation aetions, and 

• Am+ is the set {m\ \ m G M~^} of delivery actions. 

Processes are defined by sets of interaction points labelled with ports and by automata 
that describe their behaviour in terms of observable publication and delivery actions. 

Definition 2.8 (Process). A process is a triple {X, that consists of a (finite) 

set X of interaetion points, each point x G X being labelled with a port Mx, and a Muller 
automaton A over the alphabet V{Am), where M is the port given by 

= [hJ = {x.m I X G X, m G }. 
xex 

Example 2.9. In Figure [3] we depict a process JP (for Journey Planner) that provides 
directions from a source to a target location. The process interacts with the environment 

by means of two ports, named JPi and JP 2 . The first port is used to communicate with 

potential client processes - the request for directions (including the source and the target lo¬ 
cations) is encoded into the incoming message planJourney, while the response is represented 
by the outgoing message directions. The second port defines messages that JP exchanges 
with other processes in order to complete its task - the outgoing message getRoutes can 
be seen as a query for all possible routes between the specified source and target locations, 
while the incoming messages routes and timetables define the result of the query and the 
timetables of the available transport services for the selected routes. 

jpi f 

: pranYou'me7+ ' J^ | 

I routes ' 

I directions — i \ ' . , , ' 

__ I Jtjp I -(- timetables i 

1_Gj- 

Figure 3: The process JP 

The behaviour of JP is given by the Muller automaton depicted in Figure 01 whose hnal- 
state sets contain qq whenever they contain q^. We can describe it informally as follows: 
whenever the process JP receives a request planJourney it immediately initiates the search 
for the available routes by sending the message getRoutes; it then waits for the delivery of 
the routes and of the corresponding timetables, and, once it receives both, it compiles the 
directions and replies to the client. 

Remark 2.10. To generalize Dehnition 12.81 to an arbitrary institution (subject to the four 
technical assumptions listed at the beginning of the subsection), we hrst observe that every 
polarity-preserving map 9 between ports M and M' dehnes a function Ag\ Am —>■ Am', i.e. 


'^In the graphical representation, transitions are labelled with propositional sentences, as in |AS87 |: this 
means that there exists a transition for any propositional model (i.e. set of actions) of the considered sentence. 
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Figure 4: The automaton AjfQ 

a morphism of ALTL -signatures, usually denoted simply by 0, that maps every publication 
action ml to 9{m)\ and every delivery action m] to 9{m)\. Moreover, for any process 
(X, , A), the injections (x._: Am^ —>■ Am)x£x define a coproduct in the category 

of ALTL -signatures. This allows us to introduce an abstract notion of process as a triple 
(X, {ix'. Sx —^ ^dat consists of a set X of interaction points, each point x £ X 

being labelled with a port signature a process signature S together with morphisms 
ix: Sx ^ S for X G X (usually dehning a coproduct), and a model A of S. 

Processes communicate by transmitting messages through channels. As in |BZ83[ 
IFL13aj . channels are bidirectional: they may transmit both incoming and outgoing mes¬ 
sages. 

Definition 2.11 (Channel). A channel is a pair (M, A) that consists of a (finite) set M of 
messages and a Muller automaton A over the alphabet V{Am), where Am is given by the 
union A'^ U A'^ of the sets of actions A~^ = {ml | m € M} and A'^ = {m\ | m € M}. 

Note that channels do not provide any information about the communicating entities. 
In order to enable given processes to exchange messages, channels need to be attached to 
their ports, thus forming connections. 

Definition 2.12 (Connection). A connection {M, A, (fix ■ AI Mx)x^x) between the ports 
{Mx)x^x consists of a channel (M, A) and a (hnite) family of partial attachment injections 
{px ■ M Mx)x^x such that M = UxeX dom(/ix) and for any point x G X, 

hxHM^) c y p-\M^). 

yex\{x} 

This notion of connection generalizes the one found in |FL13aj so that messages can be 
transmitted between more than two ports. The additional condition ensures in this case 
that messages are well paired: every published message of Mx, for x G X, is paired with 
a delivered message of My, for y G X \ {x}, and vice versa. One can also see that for 
any binary connection, the attachment injections have to be total functions; therefore, any 
binary connection is also a connection in the sense of [FL13a] . 

Example 2.13. In order to illustrate how the process JP can send or receive messages, we 
consider the connection C depicted in Figure[5]that moderates the flow of messages between 
the port named JP 2 and two other ports, named Ri and R 2 . 
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Ri 



Figure 5: The Journey Planner’s connection 


The underlying channel of C is given by the set of messages M = {g, r, t} together with 
the automaton Ac that specifies the delivery of all published messages without any delay; 
Ac can be built as the product of the automata A^, for m G M, whose transition map is 
depicted in Figure [H and whose sets of states are all marked as hnal. 



-im! A m\ 


Figure 6 : The automaton A^ 

The channel is attached to the ports JP 2 , Ri and R 2 through the partial injections 

• /ijpj: M —>■ Mjp 2 given by <7 i-A getRoutes, r i-A routes and t i-A timetables, 

• /iRj: M —> Mrj given hy g ^ getRoutes and r i-A routes, and 

• /iRj: M —>■ Mrj given by r i-A routes and t i-A timetables. 

These injections specify the actual senders and receivers of messages. For instance, the 
message g is delivered only to the port Ri (because /ir^ is not defined on g), whereas r is 
simultaneously delivered to both JP 2 and R 2 . 

As already suggested in Examples 12.91 and 12.131 processes and connections have dual 
roles, and they interpret the polarities of messages accordingly. In this sense, processes 
are responsible for publishing messages (i.e. they regard delivered messages as inputs and 
published messages as outputs), while connections are responsible for delivering messages. 
This dual nature of connections can be made explicit by taking into account, for every 
connection (M, A, M partial translations : Am Am^)^^x 

actions defined by the channel into actions defined by the ports, as follows: 

dom(A^J = {m! I m G g-\M-)}U{m\ \ m G 7 x“^(M+)}, 

A^^{m\) = 7 ia;(m)! for all messages m G 

Af^^{m\) = gx{'^)\ for all messages m G 

We usually designate the partial maps A^^ simply by g-x if there is no danger of confusion. 

Remark 2.14. Just as in the case of processes, we can dehne connections based on an 
arbitrary logical system, without relying on messages. To achieve this goal, note that, in 
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aLTL, every connection (M, A, (fix ■ M Mx)x^x) determines a family of spans 

Am dom(^a:)A m, 

indexed by points x & X. Then we can consider connections more generally as triples 
(S,A, (ia;: Tj'x Tj, fix'. Tj'x ^ '^x)x£x) ™ which the signature S and the model A of S 
abstract the channel component, and the spans of signature morphisms (i-x, hx)xex provide 
the means of attaching port signatures to the channel. 

We can now define asynchronous networks of processes as hypergraphs having vertices 
labelled with ports and hyperedges labelled with processes or connections. 

Definition 2.15 (Hypergraph). A hypergraph {X,E,'y) consists of a set X of vertices or 
nodes, a set E of hyperedges, disjoint from X, and an incidence map 'y:E^ V(X), defining 
for every hyperedge e G E a non-empty set 7 e C W of vertices it is incident with. 

A hypergraph {X,E,j) is said to be edge-bipartite if it admits a distinguished partition 
of E into subsets E and G such that no adjacent hyperedges belong to the same part, i.e. 
for every 61,62 & E such that 7 ei n 7 e 2 7 ^ 0, either ei € F and 62 G G, or ei € G and 62 G F. 

Hypergraphs have been used extensively in the context of graph-rewriting-based ap¬ 
proaches to concurrency, including service-oriented computing (e.g. [ROTJTDl [FHT;+n5| i. 
We use them instead of graphs [FL13a] because they offer a more flexible mathematical 
framework for handling the notions of variable and variable binding required in Section O 

Definition 2.16 (Asynchronous relational network - arn). An asynchronous relational net¬ 
work fT = {X, P, C, 7 , M, fi. A) consists of a (finite) edge-bipartite hypergraph {X, P, C, 7 ) 
of points X G X, computation hyperedges p G P and communication hyperedges c G C, and 
of 

• a port Mx for every point x G X, 

• a process ( 7 ^, (Mr)^g^^, Ap) for every hyperedge p G P, and 

• a connection (Me, Ac, (fix'- Me Mx)x^-fJ for every hyperedge c G C. 

Example 2.17. By putting together the process and the connection presented in Exam¬ 
ples [23] and [2T31 we obtain the arn JourneyPlanner depicted in Figure [71 Its underlying 
hypergraph consists of the points JPi, JP 2 , Ri and R 2 , the computation hyperedge JP, 
the communication hyperedge C, and the incidence map 7 given by 7 jp = {JPi, JP 2 } and 
7c = {JP 2 , Ri, R 2 }- 


Ri 



Figure 7: The arn JourneyPlanner 
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The Orchestration Scheme of Asynchronous Relational Networks. Let us now focus on the 
manner in which ARNs can be organized to form an orchestration scheme. We begin with 
a brief discussion on the types of points of arns, which will enable us to introduce notions 
of morphism of ARNs and ground ARN. 

An interaction point of an ARN fll is a point of Ul that is not bound to both computation 
and communication hyperedges. We distinguish between two types of interaction points, 
called requires- and provides-points, as follows. 

Definition 2.18 (Requires- and provides-point). A requires-point of an arn lit is a point 
of 91 that is incident only with a communication hyperedge. Similarly, a provides-point of 
91 is a point incident only with a computation hyperedge. 

For the ARN JourneyPlanner depicted in Figure [7l the points Ri and R 2 are requires-points 
(incident with the communication hyperedge C), whereas JPi is a provides-point (incident 
with the computation hyperedge JP). 


Orchestrations. In order to describe arns as orchestrations we first need to equip them 
with appropriate notions of morphism and composition of morphisms. Morphisms of ARNs 
correspond to injective homomorphisms between their underlying hypergraphs, and are 
required to preserve all labels, except those associated with points that, like the requires- 
points, are not incident with computation hyperedges. 

Definition 2.19 (Homomorphism of hypergraphs). A homomorphism h between hyper¬ 
graphs (Ai,F 1 i, 7 ^) and {X 2 , E 2 ,'y'^) consists of functions /i: Xi —>■ X 2 and h: Ei ^ E^ 
such that for any vertex x € Xi and hyperedge e G Fli, x € 7 g if and only if h{x) G 

Definition 2.20 (Morphism of ARNs). Given two arns 91i = (Xi, Pi, Ci, 7 ^, M^, A^) 

and 912 = (X 2 , P 2 , ( 72 , 7 ^, , A'^), a morphism 0: 91i ^ 912 consists of 

• an injective homomorphism 9 : (Xi, Pi, (7i, 7 ^) (X 2 , P 2 , ( 72 , 7 ^) between the underlying 

hypergraphs of 91i and 912 such that 9{Pi) C P 2 and 9{Ci) C C 2 , and 

• a family 9^ of polarity-preserving injections 9'f ^: —>■ for x G Xi, 

such that 

• for every point x G Xi incident with a computation hyperedge, 9x^ = 

• for every computation hyperedge p G Pi, A^ = and 

• for every communication hyperedge c G (7i, Mf = A], = and the following 

diagram commutes, for every point x G 7 ^. 



It is straightforward to verify that the morphisms of ARNs can be composed in terms of 
their components. Their composition is associative and has left and right identities given 
by morphisms that consists solely of set-theoretic identities. We obtain in this way the first 
result supporting the construction of an orchestration scheme of ARNs. 

Proposition 2.21. The morphisms of arns form a category, denoted AMN. D 


’To simplify the notation, we denote both the translation of vertices and of hyperedges simply by h. 
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Specifications. To define specifications over given arns, we label their points with linear 
temporal sentences, much in the way we used pre- and post-conditions as labels for positions 
in terms when defining specifications of program expressions. 

Definition 2.22 (Specification over an arn). For any arn Tt, the set Spec(Tt) of ^speci¬ 
fications is the set of pairs {x, p), usually denoted @x p, where x is a point of and p is an 
ALTL -sentence over Am^, i.e. over the set of actions defined by the port that labels x. 

The translation of specifications along morphisms of arns presents no difficulties: for 
every morphism 0: IJI —>■ the map Spec(0): Spec(Tt) s- Spec(Tt') is given by 

Spec((9)(@„p) = Sen^i^(6'P*)(p) 

for each point x of Tt and each ALTL -sentence p over the actions of x. Furthermore, it can 
be easily seen that it inherits the functoriality of the translation of sentences in aLTL , thus 
giving rise to the functor Spec: AMN s Set that we are looking for. 

Ground orchestrations. Morphisms of arns can also be regarded as refinements, as they 
formalize the embedding of networks with an intuitively simpler behaviour into networks 
that are more complex. This is achieved essentially by mapping each of the requires-points 
of the source arn to a potentially non-requires-point of the target arn, a point which can 
be looked at as the ‘root’ of a particular subnetwork of the target arn. To explain this 
aspect in more detail we introduce the notions of dependency and arn defined by a point. 

Definition 2.23 (Dependency). Let x and y be points of an arn Tt. The point x is said 
to be dependent on y if there exists a path from x to y that begins with a computation 
hyperedge, i.e. if there exists an alternating sequence x ei xi ... y of (distinct) points 
and hyperedges of the underlying hypergraph {X,P,C,"f) of CH such that x G y G 7e„, 
Xi G 7ei n 7ei+i for every 1 < z < n, and ei G P. 

Definition 2.24 (Network defined by a point). The ARN defined by a point x of an arn Tt 
is the full sub- ARN Tla, of Tt determined by x and the points on which x is dependent. 

One can now see that any morphism of ARNs 9: Tli —Tt 2 assigns to each requires-point 
X of the source network Tli the sub- ARN ^2,e{x) of TI 2 defined by 6{x). 

Example 2.25. In Figure[8]we outline an extension of the ARN JourneyPlanner discussed in 
Example 12.171 that is obtained by attaching the processes MS (for Map Services) and TS (for 
Transport System) to the requires-points Ri and R 2 of JourneyPlanner. Formally, the link 
between JourneyPlanner and the resulting arn JourneyPlannerNet is given by a morphism 
9: JourneyPlanner ^ JourneyPlannerNet that preserves all the labels, points and hyperedges 
of JourneyPlanner, with the exception of the requires-points Ri and R 2 , which are mapped 
to MSi and TSi, respectively. 

In this case, MSi only depends on itself, hence the sub- arn of JourneyPlannerNet defined 
by MSi, i.e. the arn assigned to the requires-point Ri of JourneyPlanner, is given by the 
process MS and its port MSi. In contrast, the point JPi depends on all the other points of 
JourneyPlannerNet, and thus it defines the entire ARN JourneyPlannerNet. 

In view of the above observation, we may consider the requires-points of networks as 
counterparts of the variables used in program expressions, and their morphisms as substi¬ 
tutions. This leads us to the following definition of ground arns. 

Definition 2.26 (Ground arn). An ARN is said to be ground if it has no requires-points. 
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Figure 8 : The ARN JourneyPlannerNet 

Properties. The evaluation of specifications with respect to ground arns relies on the 
concepts of diagram of a network and automaton (i.e. ALTL -model) defined by a point, 
whose purpose is to describe the observable behaviour of a ground ARN through one of its 
points. We start by extending Remarks 12.101 and 12.141 to arns. 

Fact 2.27 (Diagram of an arn). Every arn 01 = (X, P, (7, 7 , M,/i, A) defines a diagram 
D<n'- Jai Sig^^^ as follows: 

• is the free preordered category given by the set of objects 

X U P U C U {(c, I c € C, X € 7 c} 

and the arrows 

- {x—;>p|p€P, x€ 7 p} for computation hyperedges, and 

- {c -^r- (c, x)g^ —>■ X I c G C, X € 7c} for communication hyperedges; 

• Ds^fx is the functor that provides the sets of actions of ports, processes and channels, 
together with the appropriate mappings between them. For example, given a communi¬ 
cation hyperedge c € C and a point x G 7 c, 

- D<yi{c) = Am,, D<yi{{c,x)^) = dom(^^), D<yi{x) = Am,, 

- D<yi{{c,x)^ c) = (dom(^^) C Am,), and 

- D^{{c,x)^ ^ x) = 

We define the signature of an ARN by taking the colimit of its diagram, which is guaranteed 
to exist because the category Sig *^"*"^ , i.e. Set, is finitely cocomplete. 

Definition 2.28 (Signature of an arn). The signature of an arn 91 is the colimiting cocone 
^: D<yi A<^ of the diagram Dt^. 

The most important construction that allows us to define properties of ground arns is 
the one that defines the observed behaviour of a (ground) network at one of its points. 

Definition 2.29 (Automaton defined by a point). Let x be a point of a ground arn ©. 
The observed automaton Ax at x is given by the reduct A©^ 1"^^, where 

• 03 , = (X, P, C, 7 , M, //, A) is the sub- ARN of © defined by x, 

• ^ A(g^ is the signature of &x, 

• Ag^ is the product automaton HeePuc 

• A®^ is the cofree expansion of Ag along for any hyperedge e G P U C. 

Example 2.30. Consider once again the (ground) arn represented in Figure [HI The 
automaton defined by the point MSi is just ^ms[amsi> follows from the observation 
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that the ARN defined by MSi consists exclusively of the process MS and the port MSi. On 
the other hand, in order to obtain the automaton defined by the provides-point JPi one 
needs to compute the product of the cofree expansions of all four automata Ajp, Ac, Ams 
and Ajs- Based on ProDositions l2.4l and l2.5l the resulting automaton has to accept precisely 
the projections to of those traces accepted by Ajp that are compatible with traces 

accepted by Ac, Ams and Ajs, in tbe sense that together they give rise, by amalgamation, 
to traces over the alphabet of the network. 


We now have all the necessary concepts for defining properties of ground ARNs. 

Definition 2.31 (Property of an arn). Let @x p be a specification over a ground arn ©. 
Then @ 3 , p is a property of © if and only if the automaton A^, observed at the point x in © 
satisfies (according to the definition of satisfaction in aLTL) the temporal sentence p. 

A. 


Remark 2.32. It is important to notice that not only the signature of an ARN, but also 
the various cofree expansions and products considered in Definition 12.291 are unique only 
up to an isomorphism. Consequently, the automaton defined by a point of a ground arn 
is also unique only up to an isomorphism, which means that the closure of aLTL under 
isomorphisms plays a crucial role in ensuring that the evaluation of specifications with 
respect to ground arns is well defined. 


All we need now in order to complete the construction of the orchestration scheme of 
arns is to show that the morphisms of ground arns preserve properties. This result depends 
upon the last of the four hypotheses we introduced at the beginning of the subsection: the 
reflection of the satisfaction of sentences by the model homomorphisms of the institution 
used as foundation for the construction of arns. 


Proposition 2.33. For every morphism of ground arns 0: ©1 ^ ©2 and every property 
@x p of <5i, the specification Spec{9)(@x p) is a property of (32- 


Proof. Let ©f and ©| be the sub-ARNs of ©1 and ©2 determined by x and 6{x) respectively, 
and let us also assume that ©f = (X*, Pj, Cj, 7*, M*,/i®. A*) and that is the 

signature of ©f , for i G { 1 , 2 }. Since @ 3 , p is a property of © 1 , we know that the automaton 
Ai observed at the point x in ©1 satisfies p. We also know that 0: ©1 —©2 defines the 

• Am 2 as the identity of Ami ^ (because ©1 is 


ALTL -signature morphism 9x^: A 


Ml- 


ground); hence, the automaton A^^^^ observed at 9{x) in ©2 is also a model of Ami^- 

By Proposition 12.61 ALTL -model homomorphisms reflect the satisfaction of sentences; 
therefore, in order to prove that A^^^^ satisfies p ~ and in this way, that Spec(0)(@a; p) is a 
property of ©2 ~ it suffices to determine the existence of a homomorphism A^^^^ —>■ A,),. 
Recall that A,|, and AL , are the reducts Ae^ Li and A 05 L 2 , where, for i € {1,2}, 


• Ag^ is the product OeeP uc ®, equipped with projections tt® : Ae^ Ae\ and 

• Ae®, for e € Pi U Ci, is the cofree expansion of A® along ^®, for which we denote the 

universal morphism from to A® by e® : Ae® —)• A*. 


According to the description of the arns defined by given points, we can restrict 0 to a 
morphism of ARNs from ©} to ©f. Since ©f is ground, we further obtain, based on this 
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restriction, a functor F: 


that makes the following diagram commutative. 



This allows us to define the derived cocone F ■ => A©|, whose components are 

given, for example, by {F ■ Since is the colimit of L)©j it follows that there 

exists a (unique) morphism of cocones a: ^ T ■ i.e. an ALTL -signature morphism 

cr: A©j —)• ^4©^ that satisfies, in particular, Cl 9 ^^ = every hyperedge e € Pi U Ci. 

We obtain in this way, for every hyperedge e G Pi U Ci, the composite morphism 

^d(e) from . = fr©f to 




9 ( 


Ai = A2 


0(e) ^ 




Af 


-e(e) 


A ®2 1 

^e(e) 


2 -f- 

e(e) 






he r^i 


?e(e) 


= fr@il'(7l'ci fr©ito 


0 ^ 1 1 

Given that Ae ^ is the cofree expansion of Ag along Cl: we deduce that there exists a 
(unique) morphism he • Ae ^ such that the above diagram is commutative. This 

implies, by the universal property of the product A©a:, the existence of a (unique) morphism 
h: A©^ (g,. ^ A©j such that h^nl = hg for every e G Pi U Ci. 



It follows that the reduct /lAi is a morphism from A©^ I'^Ai to A©^ Ai. Then, to complete 

See ^ Sx 1 Sx 

the proof, we only need to notice that A©| to- tgi = A©| (^2 = Ag|.^^ and A©^ (gi = HH 


3. A Logical View on Service Discovery and Binding 

Building on the results of Section [2l let us now investigate how the semantics of the ser¬ 
vice overlay can be characterized using fundamental computational aspects of the logic¬ 
programming paradigm such as unification and resolution. Our approach is founded upon 
a simple and intuitive analogy between concepts of service-oriented computing like service 
module and client application [FLBllj . and concepts such as clause and query that are 
specific to (the relational variant of) logic programming |Llo87| . In order to clarify this 
analogy we rely on the institutional framework that we put forward in TF15| to address 
the model-theoretic foundations of logic programming. 
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We begin by briefly recalling the most basic structure that underlies both the deno- 
tational and the operational semantics of relational logic programming: the substitution 
system of (sets of) variables and substitutions over a given (single-sorted) first-order sig¬ 
nature. Its dehnition relies technically on the category Room of institution rooms and 
corridors (see e.g. [Mos02| i. The objects of Room are triples (5, M, N) consisting of a set 
S of sentences, a category M of models, and a satisfaction relation 1= C |M| x S. They 
are related through corridors {a,l3)\ (S', M, 1=) (S',M',I=') that abstract the change of 

notation within or between logics by defining a sentence-translation function a: S ^ S' 
and a model-reduction functor (3 : M' ^ M such that the following condition holds for all 
M' G |M'| and p ^ S: 

M' N' a{p) if and only if /3(M') 1= p. 

Definition 3.1 (Substitution system). A substitution system is a triple (Subst, G, <S) , often 
denoted simply by S, that consists of 

• a category Subst of signatures of variables and substitutions, 

• a room G of ground sentences and models, and 

• a functor S: Subst G j Room, defining for every signature of variables X the corridor 
5(X): G —>■ G{X) from G to the room G{X) of X-sentences and X-models. 

Example 3.2. In the case of conventional logic programming, every single-sorted hrst-order 
signature {F, P) determines a substitution system 

(AFOL^) : Subst(j.,p) ^ AFOL^ fF. P) / Roonjl 

where Subst^p^p^ is simply the category whose objects are sets of variables (dehned over the 
signature {F,P)), and whose arrows are first-order substitutions. The room AF0L )/(F P) 
accounts for the (ground) atomic sentences given by {F,P), the models of {F,P), as well 
as the standard satisfaction relation between them. And finally, the functor (AFOL^)^^p^ 
maps every signature (i.e. set) of variables X to the corridor {oi{F,p),x-, I^{f,p),x)-, 

°‘(F,P),X 

r \ 

(Sen(F, P), Mod(P, P), F(p,p)) (Sen(P U A, P), Mod(P U A, P), ^{fux,p)) 

\ _y 

d{F,P),X 

where a(^F,P),x and I3(^f,p),x are the translation of sentences and the reduction of models 
that correspond to the inclusion of signatures (P, P) C (P U A, P). 

Substitution systems are particularly useful when reasoning about the semantics of 
clauses and queries. For instance, the above substitution system can be used to define 
(dehnite) clauses over (P, P) as syntactic structures VA • G H, also written 

G^H 

such that A is a signature of variables, G is sentence over (PU A, P), and P is a (hnite) set 
of sentences over (P U A, P) 0 The semantics of such a construction is given by the class 

^Through AFOL^ we refer to the institution that corresponds to the atomic fragment of the single-sorted 
variant of first-order logic without equality. 

^^Note that, in relational logic programming, the variables are often distinguished from other symbols 
through notational conventions; for this reason, the set X of variables is at times omitted. 
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of models of {F,P), i.e. of ground models of the substitution system, whose expansions to 
{F U X, P) satisfy C whenever they satisfy all sentences va. H ~ this reflects the usual inter¬ 
pretation of logic-programming clauses as universally quantified sentences VX ■ /\H ^ C. 

Similarly to institutions, the axiomatic approach to logic programming on which we rely 
in this paper is parameterized by the signature used. In categorical terms, this means that 
the morphisms of signatures induce appropriate morphisms between their corresponding 
substitution systems, and moreover, that this mapping is functorial. As regards our inquiry 
on the semantics of the service overlay, it suffices to recall that the category SubstSys of 
substitution systems results from the Grothendieck construction |TBG9l] for the functor 
[_—)■_/ Room]: (Cat x Room)”^ —Cat that maps 

• every category Subst and room G to the category of functors [Subst G j Room], 

• every functor 'I': Subst Subst^ and corridor ac : G —)• G' to the canonical composition 

functor 'I'_(k / Room): [Subst' G' j Room] —)• [Subst G j Room], 

This allows us to introduce the next notion of generalized substitution system. 

Definition 3.3 (Generalized substitution system). A generalized substitution system is a 
pair (Sig, QS) given by a category Sig of signatures, and a functor QS: Sig —>■ SubstSys. 

In order to provide a better understanding of the complex structure of generalized substi¬ 
tution systems, we consider the following notational conventions and terminology: 

— For every signature S of a generalized substitution system QS, we denote the (local) 
substitution system t?<S(S) by GSs- Substs Gs / Room, and we refer to the objects 
and morphisms of Substs as signatures of Ti-variables and P,-substitutions. The room 
Gs is assumed to comprise the set Sen(S) of ground P-sentences, the category Mod(S) 
of P-models, and the P-satisfaction relation l=s C ]Mod(S)] x Sen(S). 

— On objects, maps every signature of S-variables X to the corridor GSj:{X) = 

P'E,x) from Gs to the room Gs(^) = (Sens(Ai), ModE(X), l=s,x) of X-sentences 
and X-models. 

: Sen(S) ^ Sens(A:) /3s,x : Mods(A:) ^ Mod(S) 

— On arrows, ^<Ss maps every S-substitution f;: X —>■ Y to the corridor t7<Ss(V’) = 
(Sens(V') )Mods (V’)) from Gs(^) to Gs(T), which satishes, by definition, GSj]{X) ^ 
gSJ^i^l;) = gSj:iY). 


Sen(S) Mod(S) 



Modj:(X) Mocfe(r) 
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— With respect to signature morphisms, every ip: E —>■ S' determines a morphism of substi¬ 
tution systems QS^p : QS-^ QSy,' in the form of a triple Kp, Tp), where is a func¬ 
tor Substs —>■ Substs', Up is a corridor (Sen((/9), Mod((/9)): Gs —>■ Gs', and for every signa¬ 
ture of S-variables X, Tp^x is a (natural) corridor {ap^x, I3p,x)- Gj:iX) Gsip{X)). 


Sen(S) > Sen(S') 


Q:s,X 




Sens(X)^Sens^(^^(X)) 


, ^ Mod(w) ^ 

Mod(E) ^- — Mod(E') 


i9e,x 

Mods(X) 4 




Mods'('I'(/j(X)) 


In addition, we adopt notational conventions that are similar to those used for institutions. 
For example, we may use superscripts as in Subst^*^ is order to avoid potential ambiguities; 
or we may drop the subscripts of l=s,x when there is no danger of confusion. Also, we will 
often denote the functions Sen((/3), as, a: and Sens('0) by ip{-), X{_) and V'(-), respectively, 
and the functors Mod(y5), /3s,A and Mods(V') by -1",^, -(s and 

Example 3.4. Relational logic programming is based upon the generalized substitution 
system AFOL^ of the atomic fragment of single-sorted first-order logic without equality. 

AFOL^ ; Sig^^# ^ SubstSys 

AFOL^ 

In this case, the category Sig-is just the category of single-sorted first-order signatures. 

Every signature {F,P) is mapped to a substitution system (AFOL^)^^p^ as described in 
Example 13.21 while every signature morphism ip: {F,P) — {F',P') resolves to a morphism 
of substitution systems for which ^p is the obvious translation of {F, P)-substitutions along 
(/?, and Kp is the corridor AFOL^ ((/?). A more detailed presentation of first-order generalized 
substitution systems can be found in |TF15 . 


3.1. A Generalized Substitution System of Orchestration Schemes. What is es¬ 
sential about orchestration schemes with respect to the development of the service-oriented 
variant of logic programming is that they can be organized as a category OS from which there 
exists a functor OrcScheme into SubstSys that allows us to capture some of the most ba¬ 
sic aspects of service-oriented computing by means of logic-programming constructs. More 
precisely, orchestration schemes form the signatures of a generalized substitution system 

OrcScheme: OS —> SubstSys 

through which the notions of service module, application, discovery and binding emerge as 
particular instances of the abstract notions of clause, query, unification and resolution. In 
this sense, OrcScheme and AFOL^ can be regarded as structures having the same role in 
the description of service-oriented and relational logic programming, respectively. 

Morphisms of orchestration schemes are, intuitively, a way of encoding orchestrations. 
In order to understand how they arise in practice, let us consider a morphism ip between 
two algebraic signatures S and S' used in defining program expressions. For instance, we 
may assume S to be the signature of structured programs discussed in Example 12.21 and 
S —>• S' its extension with a new operation symbol repeat .until PgmCond —> Pgm. 
Then, it is easy to notice that the translation of S-terms (over a given set of program 
variables) along ip generalizes to a functor F between the categories of program expressions 
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defined over S and S'. Moreover, the choice of (p enables us to define a second functor 
U, from program expressions over S' to program expression over S, based on the derived 
signature morphism (see e.g. |STll| i S' —>■ S that encodes the repeat .until _ operation 
as the term 1 § whilenot 2 do 1 donejni The functor U is clearly a right inverse of F with 
respect to ground program expressions, whereas in general, for every program expression 
pgm over S we actually obtain a morphism ijpgm- pgm U{F{pgm)) as a result of the 
potential renaming of program variables; thus, the morphism r]pgm accounts for translation 
of the program variables of pgm along F ^ U. Furthermore, for every program expression 
pgm' over S', the translation of S-sentences determined by ip extends to a map between 
the specifications over U{pgm') and the specihcations over pgm', which, as we will see, 
can be used to define a translation of the specifications over a program expression pgm 
(given by S) to specifications over F{pgm). With respect to the semantics, it is natural 
to expect that every program expression pgm over S has the same behaviour as F{pgm) 
and, even more, that every program expression pgm' over S' (that may be built using 
repeat .until _), behaves in the same way as U{pgm'). These observations lead us to the 
following formalization of the notion of morphism of orchestration schemes. 

Definition 3.5 (Morphism of orchestration schemes). A morphism between orchestration 
schemes (Ore, Spec, Grc, Prop) and (Ore', Spec', Ore', Prop') is a tuple {F,U,r],a), where 


F 



u 


• F and U are functors as depicted above such that T(Grc) C Grc' and C/(Grc') C Grc, 

• 7/ is a natural transformation lorc F such that r/g = Ig for every g G |Grc|, and 

• fj is a natural transformation U ^ Spec Spec' such that for every ground orchestration 
g' G |Grc'| and specification p G Spec(17(g')), 

<Tg'(/9) G Prop'(g') if and only if p G Prop(17(g')). 

Example 3.6. Let X = (Sig, Sen, Mod, 1=) and X' = (Sig', Sen', Mod', 1=') be two institutions 
suitable for defining orchestration schemes of arns (according to the hypotheses intro¬ 
duced in Subsection 12.2p . and let (T, a, /3) be a morphism of institutions X' ^ X such that 
T: Sig' ^ Sig is cocontinuous and /3: Mod' T°p ^ Mod preserves cofree expansions and 
products. If T and /3 admit sections, that is if there exist a functor : Sig —>■ Sig' such that 
= Igig and a natural transformation r: Mod <h°P^Mod' such that r§(<h°P-/3) = iMod) 
then (T,a,/3) gives rise to a morphism {F,U,r],a) between the orchestration schemes of 
ARNs defined over X and X'. In particular, the functor F maps the diagram and the models 
that label an arn dehned over X to their images under and r; similarly, U maps arns 
dehned over X' according to T and /3; the natural transformation p is just an identity, and a 
extends the a-translation of sentences to specifications. The additional properties of T and 
/3 are essential for ensuring that the observable behaviour of ground networks is preserved. 

One may consider, for instance, the extension of aLTL (in the role of X) with new 
temporal modalities such as previous and since, as in [KMWZTO] : this naturally leads to a 
morphism of orchestration schemes for which both T and (3 would be identities. Alterna¬ 
tively, one may explore the correspondence between deterministic weak cj-automata - which 
form a subclass of Muller automata - and sets of traces that are both Biichi and co-Biichi 

this context, Pgm and 2: Cond are variables corresponding to the arguments of the derived 
operation. 
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deterministically recognizable - for which a minimal automaton can be shown to exist (see 
e.g. [MS971 ILodOlj l. In this case, in the roles of X and X' we could consider variants of 
aLTL with models given by sets of traces and deterministic weak automata, respectively^ 
T and a would be identities, /3 would define the language recognized by a given automaton, 
and r would capture the construction of minimal automata. 

It it easy to see that the morphisms of orchestration schemes compose in a natural way 
in terms of their components, thus giving rise to a category of orchestration schemes. 

Proposition 3.7. The morphisms of orchestration schemes can he composed as follows: 

{F, U, rj, a) ^ (F', U', r?', a') = {F p F', U'{F ■ r,'■ U), {W • a) ^ a'). 

Under this composition, orchestration schemes and their morphisms form a category OS. □ 


The definition of the functor OrcScheme is grounded on two simple ideas: 

1 . Orchestrations can be regarded as signatures of variables; they provide sentences in the 
form of specifications, and models as morphisms into ground orchestrations - which 
can also be seen, in the case of arns, for example, as collections of ground networks 
assigned to the ‘variables’ of the considered orchestration. In addition, we can define 
a satisfaction relation between the models and the sentences of an orchestration based 
of the evaluation of specifications with respect to ground orchestrations. In this way, 
every orchestration scheme yields an institution whose composition resembles that of the 
so-called institutions of extended models |SML04] . 

2. There is a one-to-one correspondence between institutions and substitution systems de¬ 
fined over the initial room (0, , 0) - the room given by the empty set of sentences, the 
terminal category , and the empty satisfaction relation. The effect of this is that a 
clause can be described as ‘correct’ whenever it is satisfied by the sole model of (0, , 0); 
therefore, we obtain precisely the notion of correctness of a service module [FLBll] : all 
models of the underlying signature of variables, i.e. of the orchestration, that satisfy the 
antecedent of the clause satisfy its consequent as well. 

Formally, OrcScheme results from the composition of two functors. Ins; OS —coins and 

SS: coins —SubstSys, that implement the general constructions outlined above. 


OrcScheme 


Ins 


SS 


The functor Ins carries most of the complexity of OrcScheme 
tail in Theorem 


Concerning SS, we recall from TF15 


A- coins ———>■ SubstSys 

, and is discussed in de- 
that the category coins of 

institution comorphisms can also be described as the category [_ —)■ Moom]^ of functors 
into Room, and that any functor G: K ^ can be extended to a functor [_ —>■ K]** —)■ 
[_ —>■ that is given essentially by the right-composition with G. In particular, the iso¬ 

morphism Room ^ (0, , 0) / Room that maps every room {S, M, 1=) to the unique corri¬ 
dor (0, ,0) — (5, M, 1=) generates an isomorphism of categories between [_ —>■ Room]**, i.e. 
coins, and [_ —)■ (0, ,0) /Room]**. The latter is further embedded into SubstSys, defining 
in this way, by composition, the required functor SS. To sum up, SS maps every institution 


12 


Note that, to ensure that model reducts are well defined for deterministic automata, one may need to 
restrict signature morphisms to injective maps. 
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X: Sig Room to the substitution system <S: Sig ^ (0, ,0) / Room for which 5(S), for 
every signature S E |Sig|, is the unique corridor between (0, ,0) and X(S). 

Theorem 3.8. The following map defines a functor Ins: OS —)■ coins. 

• For any orchestration scheme O = (Ore, Spec, Ore, Prop), Ins(O) is the institution whose 
category of signatures is Ore, sentence functor is Spec, model functor is _/Grc, and whose 
family of satisfaction relations is given by 

((5: 0 — 7 > g) 1=0 SP if and only if Spec{d){SP) E Prop(g) 

for every orchestration o, every o-model 6, i.e. every morphism of orchestrations d: o —)• g 
such that g is ground, and every specification SP over oo 

• For any morphism of orchestration schemes (F, U,r],a): O —)• O', with O as above and 
O' given by (Ore', Spec', Grc', Prop'), lns(F,U,r], a) is the comorphism of institutions 
{F, a, fi) : Ins(O) ^ Ins(O') defined by 

exo Spec(7]o) 9 ^F(o) 
fio = vf{o) 9 ivo / Grc) 

for every orchestration o E |Orc|, where u: (_/ Grc') => ^ (_/ Grc) is the natural 

transformation given by Vgfix) = U{x) for every orchestration o' E |Orc'| and every 
object or arrow x of the comma category o' / Grc'. 

Proof. For the first part, all we need to show is that the satisfaction condition holds; but this 
follows easily since for every morphism of orchestrations 0 : 0 i —> 02 , every Oi-specification 
SP and every 02 -model 5: 02 ^ g, 

6 1=02 Spec{9){SP) if and only if Spec(0 ^ 5){SP) E Prop(g) 
if and only if {6 / Grc)(5) = 9^6 \=02 SP. 

As regards the second part of the statement, let us begin by noticing that a and fi are 
the natural transformations {rj ■ Spec) ^ {F ■ a) and (r/°P • (_ / Grc)) p (F°p • v), respectively. 
Then, in order to verify that {F,a,fi) is indeed a comorphism Ins(O) —>■ Ins(O'), consider 
an orchestration 0 in Ore, a model 6': F{o) —g' of F{o), and a specification SP over 0 . 
Assuming that \=' is the family of satisfaction relations of Ins((P'), we deduce that 


''f{o) 

iff 

aoiSP) 

Spec'{6'){ao{SP)) E Prop'(g') 

by the definition of b^^^^ 

iff 

Spec'((5')(crjr(o)(Spec(r/o)(5'P))) E Prop'(g') 

by the definition of ao 

iff 

cr 0 /(Spec(r/o §C/((5'))(5'P)) E Prop'(g') 

by the naturality of a 

iff 

Spec(? 7 o -,U{6')){SP) E Prop([/(g')) 

since Prop(C/(g')) = f7g;^(Prop'(g')) 

iff 

Po ^ 0(6') bo SP 

by the definition of bp 

iff 

MS') be SP 

by the definition of fig. 


Finally, it is easy to see that Ins preserves identities. To prove that it also preserves 
composition, let {F,U,r],a) and {F',U',r]',a') be morphisms of orchestration schemes as 


^^Moreover, Ins((!?) is exact, because the functor _/Grc: Orc°^ Cat is continuous (see e.g. [Mes89]). 
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below, and suppose that lns{F,U,r],cr) = {F,a,l3) and lns{F',U',r]',cr') = {F',a',l3'). 


{F,U,ri,a) {F',U',r]'F) 

kc, Spec, Grc, Prop)-^ (Ore', Spec', Grc', Prop')->■ (Ore", Spec", Grc", Prop") 

V_/ 

{F%F',U’%U,ri%{F-v'-U),{U'-ay,a') 


In addition, let v: {- / Grc') ^ C/°p p (_ / Grc) and v': (_ / Grc") ^ ^ (_ / Grc') be 

the natural transformations involved in the definitions of j3 and 13', respectively. Based 
on the composition of morphisms of orchestration schemes and on the definition of Ins, 
it follows that lns{{F,U,r],a) ^ {F',U',7]',a')) is a comorphism of institutions of the form 
{F %F', a", /3"), where a" and /3" are given by 

a" = Spec((r/ %{F -t]' ■ [/)) J ^ (([/' • a) % 

/3'' = {v' ^ (C/'°P • ^ ((i? P (F • 17 ' • U))^ / Grc). 

In order to complete the proof we need to show that a" = a%{F ■ a') and /3" = {F ■ (3') % j3. 
Each of these equalities follows from a sequence of straightforward calculations that relies 
on the naturality of a (in the case of a"), or on the naturality of v (in the case of /?"). 

~ Spec(T 7 o) 9 Spec(17(r/^j’^p))) 9 cr(^p.F'%U'){o) 9 ^{f-,f'){o) 

I_I 

= Spec(r/p) ^ apio) I Spec '^ <^(^5^0(0) 

= «0 9 *^^(0) 

/^O = ^(F 5 E')(d) 9 V(F^,F'tU')io) 9 iU{VF(o)) / 'Sre) / Grc) 

I_ I 

= ^(F 5 E')(d) 9 iVFio) / 'Krc') § Vp^o) 9 (rio / Grc) 

~ t^F{o) 9/^0 n 

Corollary 3.9. The pair (OS, OrcScheme) defines a generalized substitution system. □ 


We recall from |TF15| that, in order to be used as semantic frameworks for logic pro¬ 
gramming, generalized substitution systems need to ensure a weak model-amalgamation 
property between the models that are ground and those that are defined by signatures of 
variables. This property entails that the satisfaction of quantified sentences (and in particu¬ 
lar, of clauses and queries) is invariant under change of notation. In the case of OrcScheme, 
this means, for example, that the correctness property of service modules does not depend 
on the actual orchestration scheme over which the modules are defined. 


Definition 3.10 (Model amalgamation). A generalized substitution system QS: Sig —)■ 
SubstSys has weak model amalgamation when for every signature morphism (p\ S —> S' and 
every signature of S-variables A, the diagram depicted below is a weak pullback. 


|Mod(S)| ^-|Mod(S')| 



|ModE(A)| 4--|ModE^(T^(A))| 

Pip,x 


This means that for every model S'-model M' and every A-model N such that M'f^ = N\-p, 
there exists a T<^(A)-model N' that satisfies = M' and = N. 
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Proposition 3.11. The generalized substitution system OrcScheme: OS ^ SubstSys has 
weak model amalgamation. 

Proof. Let be a morphism {F, U, rj, a) between orchestration schemes O and O' as in 
Dehnition 13.51 and let o be an orchestration of O. Since orchestrations dehne substitution 
systems over the initial room (0, ,0), we can redraw the diagram of interest as follows: 


•f 


-\tp 


-to 



0 / Grc| ■(—- \F{o) / Ore' 


It is easy to see that the above diagram depicts a weak pullback if and only if is 
surjective on objects. By Theorem 13.81 we know that = i]o 9 U{6') for every object 

6' : F{o) q' in \F{o) / Grc^|. Therefore, for every 5: 0 ^ g in |o / Grc| we obtain 

fd^,oiFiS)) = Vo,U{F{5)) 

= 5 by the naturality of r] 

= 5 because, by definition, r/g is an identity. 

□ 


Remark 3.12. In addition to model amalgamation, it is important to notice that, similarly 
to AFOL^, in OrcScheme the satisfaction of sentences is preserved by model homomor- 
phisms. This is an immediate consequence of the fact that, in every orchestration scheme, 
the morphisms of ground orchestrations preserve properties: given an orchestration 0 , a 
specification SP over 0 , and a homomorphism ( between o-models (5i and <52 as depicted 
below, if Spec{5i){SP) is a property of gi then Spec{52){SP) = Spec(C)(Spec((5i)(5'P)) is a 
property of g 2 ; therefore, |=0'"cScheme gp |-OrcScheme 



01 -02 


3.2. The Clausal Structure of Services. Given the above constructions, we can now 
consider a service-oriented notion of clause, defined over the generalized substitution sys¬ 
tem OrcScheme rather than AFOL^. Intuitively, this means that we replace hrst-order 
signatures with orchestration schemes, sets of variables with orchestrations, and hrst-order 
sentences (over given sets of variables) with speciheations. Furthermore, certain orches¬ 
tration schemes allow us to identify structures that correspond to hner-grained notions 
like variable and term: in the case of program expressions, variables and terms have their 
usual meaning (although we only take into account executable expressions), whereas in the 
case of ARNs, variables and terms materialize as requires-points and sub-ARNs dehned by 
provides-points. 

The following notion of service clause corresponds to the concept of service module 
presented in |FLB11| , and also to the concept of orchestrated interface discussed in |FL13a] . 
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Definition 3.13 (Service clause). A (definite) service-oriented clause over a given orches¬ 
tration scheme O = (Ore, Spec, Ore, Prop) is a structure Vo • P •(— i?, also denoted 

R 

0 

where o is an orchestration of O, P is a specification over o - called the provides-interface 
of the clause - and P is a finite set of specifications over o - the requires-interface of the 
clause. 

The semantics of service-oriented clauses is defined just as the semantics of first-order 
clauses, except they are evaluated within the generalized substitution system OrcScheme 
instead of AFOL^. As mentioned before, this means that we can only distinguish whether 
or not a clause is correct. 

Definition 3.14 (Correct clause). A service-oriented clause Vo • P P is correct if for 
every morphism 5: o ^ g such that g is a ground orchestration and Spec(5)(P) consists 
only of properties of g, the specification Spec((5)(P) is also a property of g. 

In other words, a service clause is correct if the specification given by its provides-interface 
is ensured by its orchestration and the specifications of its requires-interface. 

Example 3.15. We have already encountered several instances of service clauses in the 
form of the program modules depicted in Figured) Their provides- and requires-interfaces 
are placed on the left- and right-hand side of their orchestrations, and are represented using 
symbolic forms that are traditionally associated with services. 

To illustrate how service modules can be defined as clauses over arns, notice that 
the network JourneyPlanner introduced in Example 12.171 can orchestrate a module named 
Journey Planner that consistently delivers the requested directions, provided that the routes 
and the timetables can be obtained whenever they are needed. This can be described in 
logical terms through the following (correct) service-oriented clause: 

@JPl^JourneyPlanner > ®R 2 ^2 } 

where and P 2 ^ correspond to the ALTL -sentences □(planJourneyj ^ ^directions!), 

□ (getRoutesj => ^routes!) and □(routesj ^ Otimetables!), respectively. 

Client applications are captured in the present setting by service-oriented queries. The 
way they are defined is similar to that of service clauses, but their semantics is based on an 
existential quantification, not on a universal one. 

Definition 3.16 (Service query). A service-oriented query over an orchestration scheme 
O = (Ore, Spec, Ore, Prop) is a structure 3o • Q, also written 

such that 0 is an orchestration of O, and Q is a finite set of specifications over o that defines 
the requires-interface of the query. 

Definition 3.17 (Satisfiable query). A service-oriented query 3o • Q is said to be satisfi- 
able if there exists a morphism of orchestrations J: o — g such that g is ground and all 
specifications in Spec((5)((5) are properties of g. 
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Example 3.18. Figure [9] outlines the arn of a possible client application for the service 
module Journey Planner discussed in Example 13.151 We specify the actual application, 
called Traveller, through the service query 

' Traveller } 

given by the ALTL -sentence □(getRoutej ^ Oroute!). 

( -^ "*"1 

-p (' — I -1 ~ -1' 

I — getRoute ' C I getRoute -R ' 

I I 

yY I + route I Ac I route — , 


Figure 9: The arn Traveller 


3.3. Resolution as Service Discovery and Binding. Let us now tnrn our attention 
to the dynamic aspects of service-oriented computing that result from the process of ser¬ 
vice discovery and binding [FLBllj . Service discovery represents, as in conventional logic 
programming, the search for a module (service clause) that can be bound to a given ap¬ 
plication (service query) in order to take it one step closer to a possible solution, i.e. to a 
‘complete’ application capable of fulfilling its goal. From a technical point of view, both 
discovery and binding are subject to matching the requires-interface of the application, or 
more precisely, one of its specifications, with the provides-interface of the module under 
consideration. This is usually achieved through a suitable notion of refinement of specifi¬ 
cations. For instance, in the case of program expressions, given specifications 
and L2'- [p2, p'fi over programs pgmi'. eXpi and pgm2'. eXp2, respectively, L2- [P2,P2] refines 
Li: [pi, Pi] up to a cospan 

T. (bl,7ri> „ {b2,7r2> 

pgm^: eXp^ - pgm: eXp < - pg'm'2 ■ ^^P2 

if by translation we obtain specifications that refer to the same position of pgm: eXp, i.e. 
TTi • = 7 r 2 ■ L2, such that the pre-condition V’ 2 (/ 02 ) is weaker that fii{pi), and the post¬ 

condition ' 02 (/O 2 ) i® stronger than fii{p[), meaning that 

0i(/3i) 02 (^ 2 ) and 02 (P 2 ) 0i(p'i)- 

This notion of refinement reflects the rules of consequence introduced in |Hoa69| (see 
also |Mor94] . whence we also adopt the notation ti: [pi-,p'^ E 1 ^ 2 '- {P 2 -,p' 2 \ used in Figure [2]). 

In a similar manner, in the case of ARNs, a specification @ 3 ,^ pi over a network 9Ii is 
rehned by another specification @ 3,2 P 2 over a network Tt 2 up to a cospan of morphisms of 
ARNS (0i: 9Ti ^ 91,02: 912 ^ 91) when0i(xi) = 02 (^ 2 ) and ef^^^{p 2 ) [TTT3] . 

Both of these notions of refinement generalize to the following concept of unification. 

Definition 3.19 (Unihcation). Let SPi and SP 2 be specifications defined over orchestra¬ 
tions 0 i and 02 , respectively, of an arbitrary but fixed orchestration scheme. We say that the 
ordered pair {SPi, SP2) is unifiable if there exists a cospan of morphisms of orchestrations 

9i 82 

0i-0 -02 

called the unifier of SPi and SP2, such that 02(*S'P2) 0i(5Pi). 
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Therefore, (0i, 62 ) is a unifier of SPi and SP 2 if and only if, for every morphism of orches¬ 
trations (5: 0 —>■ g such that g is a ground orchestration, if Spec(02 9<5)(*S'P2) is a property of 
g then so is Spec(0i % 5){SPi). 

In conventional logic programming, the resolution inference rule simplihes the current 
goal and at the same time, through unification, yields computed substitutions that could 
eventually deliver a solution to the initial query. This process is accurately reflected in 
the case of service-oriented computing by service binding. However, unlike relational logic 
programming, in the case of services the emphasis is put not on the computed morphisms 
of orchestrations (i.e. on substitutions), but on the dynamic reconfiguration of the orches¬ 
trations (i.e. of the signatures of variables) that underlie the considered applications. 

Definition 3.20 (Resolution). Let 3oi • Qi be a query and V 02 • P 2 t— R 2 a clause defined 
over an arbitrary but fixed orchestration scheme. A query 3o • Q is said to be derived by 
resolution from 3oi- Qi and V 02 • P 2 t— i ?2 using the computed morphism 9i: 0 i ^ 0 when 

- 01 

^ 0 iiQi\{SPi})ue 2 iR 2 ) 

• 61 can be extended to a unifier { 61 , 62 ) of a specification SPi € Qi and P 2 ., and 

• Q is the set of specifications given by the translation along 0 i and 02 of the specifications 
in Qi \ {^Pi} and P 2 - 

Example 3.21. Consider the service query and the clause detailed in Examples 13.181 
and 13.151 One can easily see that the single specification pi of the requires-interface of 
the application Traveller and the provides-interface @jPi of the module Journey Planner 
form a unifiable pair: they admit, for instance, the unifier { 0 i, 02 ) given by 

Traveller > JourneyPlannerApp — JourneyPlanner 

• the ARN JourneyPlannerApp depicted in Figure fTOl 

• the morphism 0i that maps the point Ri to JPi, the communication hyperedge C to CJP 
and the messages getRoute and route of Mr^ to planJourney and directions, respectively, 
while preserving all the remaining elements of Traveller, and 

• the inclusion 62 of JourneyPanner into JourneyPlannerApp. 


Ri 



It follows that we can derive by resolution a new service query defined by the network 
JourneyPlannerApp and the requires-specifications @Rj pf' and ©Rj p^. 
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Traveller {®Rl} @JPi P JourneyPlanner {®Rl/’l ) ®R 2 ^2 } 

- 01 

' JourneyPlannerApp ^1 >^^2^2 } 


The logic-programming framework of services. The crucial property of the above 
notions of service clause, query, and resolution is that, together with the generalized sub¬ 
stitution system OrcScheme used to define them, they give rise to a logic-programming 
framework TF15 . The construction is to a great extent self-evident, and it requires little 


additional consideration apart from the fact that, from a technical point of view, in order 
to define clauses and queries as quantified sentences, we need to extend OrcScheme by 
closing the sets of sentences that it defines under propositional connectives such as impli¬ 
cation and conjunction. It should be noted, however, that the properties that guarantee 
the well-definedness of the resulting logic-programming framework such as the fact that 
its underlying generalized substitution system has weak model amalgamation (ensured by 
Proposition 13.lip , and also the fact that the satisfaction of specifications is preserved by 
model homomorphisms (detailed in Remark 13.121) . are far from trivial, especially when 
taking into account particular orchestration schemes (see e.g. Proposition 12.331) . 


By describing service discovery and binding as instances of unification and resolution 
(specific to the logic-programming framework of services) we obtain not only a rigorously 
defined analogy between service-oriented computing and relational logic programming, but 
also a way to apply the general theory of logic programming to the particular case of 
services. For example, we gain a concept of solution to a service query that reflects the rather 
intuitive service-oriented notion of solution and, moreover, through Herbrand’s theorem, a 
characterization of satisfiable queries as queries that admit solutions. 


Definition 3.22 (Solution). A solution, or correct answer, to a service-oriented query 3o • Q 
consists of a morphism of orchestrations iji: 0 ^ o' such that o' has models, and every one 
of them satisfies the ^-translations of the specifications in Q. 


Proposition 3.23. A service query is satisfiable if and only if it admits a solution. 


□ 


Even more significant is the fact that logic programming provides us with a general 
search procedure that can be used to compute solutions to queries. The search is triggered 
by a query 3o • Q and consists in the iterated application of resolution, that is of service 
discovery and binding, until the requires-interface of the derived service query consists 
solely of trivial specifications (tautologies); these are specifications whose translation along 
morphisms into ground orchestrations always gives rise to properties. Thus, whenever the 
search procedure successfully terminates we obtain a computed answer to the original query 
by sequentially composing the resulting computed morphisms. This is the process that led, 
for example, to the derivation of the program that calculates the quotient and the remainder 
obtained on dividing two natural numbers illustrated in Figure [2l The computed answer is 
given in this case by the sequence of substitutions 

pgm pgmi ^ pgm 2 H- {pgm.^ ^ pgmfi) § pgm 2 

i-A (g := 0 § r := x) § while y < r do 

q ■■= q + l°,r := r - y 
done. 
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In a similar manner, we can continue Example 13.211 towards the derivation of an answer 
to the Traveller application. To this purpose, we assume that Map Services and Transport 
System are two additional service modules that correspond to the processes MS and TS 
used in Example 12.251 and whose provides-interfaces meet the requires-specifications of the 
module Journey Planner. We obtain in this way the construction outlined in Figure [TT] 
The soundness of resolution, detailed in Proposition 13.241 below, entails that the search 
for solutions is sound as well, in the sense that every computed answer to 3o • Q is also a 
solution to 3o • Q. This fundamental result, originally discussed in |TF15| in the context 
of abstract logic programming, ensures, in combination with Proposition 13.231 that the 
operational semantics of the service overlay given by discovery and binding is sound with 
respect to the notion of satisfiability of a service query. 

Proposition 3.24. Let 3o • Q be a service query derived by resolution from 3oi • Qi and 
V 02 • P 2 R 2 using the computed morphism 6 * 1 : 0 i —>■ 0. //V 02 • P 2 R 2 is correct then, 
for any solution if to 3o • Q, the composed morphism 61 ^ ip is a solution to 3oi • Qi. □ 


4. Conclusions 

We have shown how the integration of the declarative and the operational semantics of con¬ 
ventional logic programming can be generalized to service-oriented computing, thus offering 
a unified semantics for the static and the dynamic aspects of this paradigm. That is, we 
have provided, for the first time, an algebraic framework that accounts for the mechanisms 
through which service interfaces can be orchestrated, as well as for those mechanisms that 
allow applications to discover and bind to services. 

The analogy that we have established is summarized in Table [TJ Our approach to 
the logic-programming semantics of services is based on the identification of the binding 
of terms to variables in logic programming with the binding of orchestrations of services 
to those of software applications in service-oriented computing; the answer to a service 
query ~ the request for external services - is obtained through resolution using service 
clauses - orchestrated service interfaces - that are available from a repository. This departs 
from other works on the logic-programming semantics of service-oriented computing such 
as [KBG07) that actually considered implementations of the service discovery and binding 
mechanisms based on constraint logic programming. 

The theory of services that we have developed here is grounded on a declarative se¬ 
mantics of service clauses defined over a novel logical system of orchestration schemes. The 
structure of the sentences and of the models of this logical system varies according to the 
orchestration scheme under consideration. For example, when orchestrations are defined as 
asynchronous relational networks over the institution aLTL . we obtain sentences as linear- 
temporal-logic sentences expressing properties observed at given interaction points of a 
network, and models in the form of ground orchestrations of Muller automata. Other logics 
(with corresponding model theory) could have been used instead of the automata-based 
variant of linear temporal logic, more specifically any institution such that (o) the category 
of signatures is (finitely) cocomplete; (6) there exist cofree models along every signature 
morphism; (c) the category of models of every signature has (finite) products; and (d) model 
homomorphisms reflect the satisfaction of sentences. Moreover, the formalism used in defin¬ 
ing orchestrations can change by means of morphisms of orchestration schemes. We could 
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Journey Planner Transport System 


Figure 11; The derivation of an answer to the Traveller application 

pI : □(getRoutej => Oroute!) : □(routesj ^ Otimetables!) 

p^^ : □(planJourneyj => ^directions!) p^^ : □(getRoutesj => Oroutes!) 

p^^: □(getRoutesj ^ ^routes!) p^^ : □(routesj ^ Otimetables!) 
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Table 1: Correspondence between concepts of relational and service-oriented logic programming 


Relational logic programming 


Service-oriented logic programming 


Concept 


over a signature {F, P) over program expressions over asynchronous relational networks 


Variable 

Term 


Clause 


Query 


Unification 

and 

resolution 


pair {x,Fo) 
structure (7{ti ,..., tn) 


universally quantified 
implication 

C^H 


existentially quantified 
conjunction 



program variable pgm: eXp 
program statement 

while C do 
1 pgm 1 

done 


program module 




) p, p” 





P, p' 


1 '91 ' 
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p',/ 
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program query 
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P ,P' ) 

ZZI- 


requires-point x £ X 
subnetwork determined by a point 
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I getRoutes | 

Ams 


service module 




term unification and program discovery and binding service discovery and binding 

first-order resolution (see Figure [2]) (see Figured!]) 
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consider, for instance, an encoding of the hypergraphs of processes and connections dis¬ 
cussed in this paper into graph-based structures similar to those of |FL13b| : or we could 
change their underlying institution by adding new temporal modalities (along the lines of 
Example I3.6p or by considering other classes of automata, like the closed reduced Biichi au¬ 
tomata used in |AS87l lFL13a] . This encourages us to further investigate aspects related to 
the heterogeneous foundations of service-oriented computing based on the proposed logical 
system of orchestration schemes. 
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